Several technological approaches and managerial procedures have been developed to help ensure availability, integrity, and confidentiality of information exchanged and managed by a computer system or network. One such technological approach is to provide and manage protected enclaves (or security enclaves).
In a protected enclave, a community-of-interest is established in which users having a need-to-know run applications within a network that is protected by predetermined security measures. The users may be co-located but need not be co-located. The applications may include, without limitation, electronic mail (Email), instant messaging (IM), file transfer, and the like. The security measures may be directed to protect content that includes national security information (such as confidential, secret, top secret, and the like); financial information; business information; personal information; and the like.
When a protected enclave is established, measures must be taken to enable appropriate sharing or exchange of data between the protected enclave and the outside world. In one approach to sharing data, a secure network server (or a guard server) acts as a gateway to route and filter data exchanged between the protected enclave and the outside world, or between a first protected enclave operating at a first security level and a second protected enclave operating at a second security level that is different (either higher or lower) than the first security level.
Thus, the guard server may filter sensitive information from the data originated by an application in the protected enclave. However, in order for the guard server to filter the data, the guard server must understand how to parse the data. Therefore, both the guard server and the application must be cognizant of the format of the data originated by the application.
If the guard server understands how to parse the data, then the guard server can filter the data and pass on the data, if appropriate. As an example, a file transfer application in a protected enclave may transfer files using an FTP protocol in its application layer. The guard server application may also include the FTP protocol in its application layer. In such a case, the guard server understands how to parse the data that the application wants to send out of the protected enclave. Therefore, the guard server filters the information and can route the data accordingly.
On the other hand, if the guard server does not understand how to parse the data, then the guard server will send the data to a suitable “data dump” and may generate an event for a security event log. As an example, an application in a protected enclave may send a web page using an HTTP protocol in its application layer. However, the guard server application may not include the HTTP protocol in its application layer. In such a case, the guard server does not understand how to parse the data that the application wants to send out of the protected enclave. Therefore, the guard server cannot filter the information and cannot route the data accordingly. Instead, the guard server will send the data to a suitable “data dump” and may generate an event for a security event log.
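The parse-then-filter-or-dump behaviour described in the two preceding paragraphs, as an added illustration that is not part of the patent text: a toy guard server holds one parser per application-layer format it recognizes, filters the parsed body for sensitive markers, routes or blocks it, and sends anything it cannot parse to a "data dump" while raising a security event. The FTP-like and HTTP-like message formats, the `SENSITIVE_MARKERS` list and all sample messages are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed for this example: markers that mark content as sensitive.
SENSITIVE_MARKERS = ("SECRET", "TOP SECRET")

@dataclass
class GuardResult:
    action: str                      # "routed", "dropped" or "quarantined"
    payload: bytes = b""
    events: list = field(default_factory=list)   # security event log entries

def parse_ftp(msg: bytes) -> dict:
    """Toy FTP-style parser (constructed): 'FTP <filename>\\n<file body>'."""
    header, _, body = msg.partition(b"\n")
    if not header.startswith(b"FTP "):
        raise ValueError("not FTP")
    return {"name": header[4:].decode(), "body": body}

def parse_http(msg: bytes) -> dict:
    """Toy HTTP-style parser (constructed): request line, headers, blank line, body."""
    line, _, rest = msg.partition(b"\r\n")
    method, _, _ = line.partition(b" ")
    if method not in (b"GET", b"POST", b"PUT"):
        raise ValueError("not HTTP")
    _, _, body = rest.partition(b"\r\n\r\n")
    return {"method": method.decode(), "body": body}

class GuardServer:
    """Gateway between an enclave and the outside: only parseable data is filtered and released."""

    def __init__(self, parsers: dict):
        self.parsers = dict(parsers)   # format name -> parser the guard understands
        self.dump = []                 # the "data dump" for unrecognized formats

    def handle(self, msg: bytes) -> GuardResult:
        for fmt, parser in self.parsers.items():
            try:
                parsed = parser(msg)
            except ValueError:
                continue                       # not this format; try the next parser
            body = parsed["body"]
            if any(m.encode() in body for m in SENSITIVE_MARKERS):
                return GuardResult("dropped", events=[f"{fmt}: sensitive content blocked"])
            return GuardResult("routed", payload=body, events=[f"{fmt}: parsed and released"])
        # No parser understood the data: quarantine it and log a security event.
        self.dump.append(msg)
        return GuardResult("quarantined", events=["unrecognized format sent to data dump"])
```

A guard configured with only the FTP parser quarantines the HTTP request, which matches the scenario in the text; the same message is routed once the HTTP parser is registered.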
In currently known approaches, the filtering described above is performed by the guard server. In order for the guard server to recognize a data format that was previously unrecognizable, the guard server would have to be reprogrammed to recognize the desired data format. Alternately, all of the machines running applications in the protected enclave would have to be reprogrammed to recognize all data formats that are recognized by the guard server. Either approach is extremely time- and labor-intensive and, therefore, is cost prohibitive.
As a result, the design of currently known guard servers is tightly coupled to the applications executed in the protected enclaves. This tight coupling can reduce flexibility of design of the guard server and of the applications; can reduce re-use of software; can increase “lock-in” and dependence on certain vendors; and can increase integration cost.
Therefore, it would be desirable for a guard server to be able to recognize data formats of applications executed in the protected enclaves without reprogramming the guard server to recognize a previously unrecognizable data format and without reprogramming all machines running applications in a protected enclave to recognize all data formats that are recognized by the guard server.
The foregoing examples of related art and limitations associated therewith are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent to those of skill in the art upon a reading of the specification and a study of the drawings.